Fix keychain biometric prompts on Android #6631

janicduplessis · 2025-05-15T01:17:29Z

Fixes APP-2622

What changed (plus any additional context for devs)

When upgrading react-native-keychain to v9 it now uses instead BLOCK_MODE_GCM of BLOCK_MODE_ECB which supports biometrics authentication. This means that it will prompt for biometrics when trying to encrypt or decrypt values.

The issue is that when restoring multiple wallets from a backup it executes many operations requiring encryption in a row and it seems like pixel device rate limit how often the prompt can be shown and the encryption key generated is only valid for 5 seconds because of the config in react-native-keychain. This means that sometimes the generated key is expired, but the system will not allow showing a biometrics prompt yet.

To fix this we can increase the validity of the key to 5 minutes to reduce the number of prompts, and I think this still keeps good safety, while avoiding to spam the user.

Another alternative would be to force using an encryption method without biometrics prompt, but this is better in my opinion.

Screen recordings / screenshots

Tested by @ibrahimtaveras00 on Pixel device where the issue happened.

screen-20250514-181209.mp4

What to test

Restore a wallet from backup as described in the notion document.

linear · 2025-05-15T01:18:05Z

APP-2622 [Android only] Not all wallets restored from older backup

ibrahimtaveras00

Not ideal behavior discussed in this thread

Test case results can be found here

janicduplessis · 2025-05-16T14:27:53Z

Updated with our latest solution

ibrahimtaveras00

Looks good 👍🏽

jinchung

🌮

* Use storage type RSA * Log supported biometry result

janicduplessis requested review from jinchung, walmat and BrodyHughes May 15, 2025 01:36

derHowie added the release for release blockers and release candidate branches label May 15, 2025

ibrahimtaveras00 self-requested a review May 15, 2025 16:00

ibrahimtaveras00 requested changes May 15, 2025

View reviewed changes

Use storage type RSA

87e97b7

8000

janicduplessis force-pushed the @janic/fix-keychain branch from c13f0a5 to 87e97b7 Compare May 16, 2025 14:24

Log supported biometry result

141a994

ibrahimtaveras00 approved these changes May 19, 2025

View reviewed changes

jinchung approved these changes May 19, 2025

View reviewed changes

jinchung merged commit 8970584 into develop May 19, 2025
7 of 8 checks passed

jinchung deleted the @janic/fix-keychain branch May 19, 2025 15:27

ibrahimtaveras00 pushed a commit that referenced this pull request May 19, 2025

Fix keychain biometric prompts on Android (#6631)

37849ab

* Use storage type RSA * Log supported biometry result

BrodyHughes pushed a commit that referenced this pull request May 21, 2025

Fix keychain biometric prompts on Android (#6631)

7ba9763

* Use storage type RSA * Log supported biometry result

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Fix keychain biometric prompts on Android #6631

Fix keychain biometric prompts on Android #6631

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Fix keychain biometric prompts on Android #6631

Fix keychain biometric prompts on Android #6631

Uh oh!

Conversation

Uh oh!

What changed (plus any additional context for devs)

Screen recordings / screenshots

What to test

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!